OSSEC HIDS on AWS ECS

The question is more about which architecture to choose than about coding per se. I have my app deployed on AWS ECS (a cluster made of EC2 instances running containers). How can I install OSSEC HIDS in that setup? As a side container for every app container, or should it be centralized somehow?

Thank you for any hints.

There are 1 best solutions below

Rule of thumb: "One process per container". You should not install any agent in a Docker container.

You can follow two approaches:

  • Install the OSSEC HIDS agent on the ECS-optimized AMI, which will run on the EC2 hosts that run the containers; your ECS cluster will use this AMI for all future containers.
  • Or push ECS logs to CloudWatch and place OSSEC HIDS with CloudWatch and ELK.

For the ECS-optimized AMI, create a custom AMI and configure the agent on it; the rest of the procedure will be the same as for a standard EC2 machine.

how-to-monitor-host-based-intrusion-detection-system-alerts-on-amazon-ec2-instances
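
An agent configuration for the first approach (agent on the EC2 container host), as an added example that is not part of the original answer. It assumes the default OSSEC install path `/var/ossec`, an Amazon Linux based ECS-optimized AMI with its usual log and config locations, and a placeholder manager address.

```xml
<!-- /var/ossec/etc/ossec.conf on the EC2 container host (default install path assumed) -->
<ossec_config>
  <client>
    <!-- Placeholder manager address from the documentation range; replace with your OSSEC server -->
    <server-ip>192.0.2.10</server-ip>
  </client>

  <syscheck>
    <!-- Full file-integrity scan every 6 hours (value in seconds) -->
    <frequency>21600</frequency>
    <!-- /etc covers the host-side container settings: /etc/ecs/ecs.config and /etc/docker -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin,/bin,/sbin</directories>
    <!-- Files that change constantly and would only generate noise -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
  </syscheck>

  <rootcheck>
    <disabled>no</disabled>
  </rootcheck>

  <!-- Host system and authentication logs (Amazon Linux locations, assumed) -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>

  <!-- ECS agent log: task starts and stops, image pulls, agent errors (assumed default path) -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/ecs/ecs-agent.log</location>
  </localfile>
</ossec_config>
```

Bake the agent and this file into the custom AMI, but register each instance with the manager at first boot rather than in the image, because every agent needs its own key and an AMI that contains a key would give every host the same identity.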